Many people feel that re-training young cyber offenders as cyber security professionals offers a chance to kill two birds with one stone; reducing cyber-crime and simultaneously helping to reduce the cyber skills shortage. The NCA proposed creating a “toolkit of positive diversions” for young people deemed to be at risk of online criminality, such as positive mentors, coding clubs and job opportunities.

It is certainly true that today’s cybersecurity profession is in desperate need of more young talent. Our Global Information Security Workforce Study found that only 12% of the UK workforce is under 35. The NCA’s initiative is a welcome one if it can steer enthusiastic and gifted young people towards the many career opportunities awaiting them, recognising that the devil makes work for idle hands.

However, if we are to find a long-term solution to youth cyber-crime and the skills gap it is not sufficient to target educational resources, mentors and job opportunities at a narrow band of gifted youngsters on the periphery of cyber-crime. The true solution is make such career opportunities available to all by making cybersecurity a core aspect of the education system at all levels and across a range of relevant subjects; helping prepare the future generation for work in a digital economy. Cybersecurity is increasingly fundamental to many industries and many different jobs, from engineering to web design and the education system needs to reflect this. Why wait until young people are already on the periphery of cyber-crime to divert them onto the straight and narrow when we can equip all young people with the skills to make a positive contribution from the outset?

Fortunately, this is starting to happen now. (ISC)2 has worked with organisations including the Council of Professors and Heads of Computing (CPHC), to design cybersecurity Principles and Learning Outcomes which have been turned into part of the official accreditation criteria for all UK computing degrees under the bodies BCS and the Chartered Institute for IT.

At a subsequent curriculum development roadshow supported by the Cabinet Office, 60 UK universities demonstrated a will to champion and embed cybersecurity more comprehensively across their computing degree courses. There are now opportunities to go further and teach cybersecurity within an array of popular disciplines from psychology to business management. Further efforts are being made in Further Education; with our involvement in the development in the UK’s first ever cybersecurity EPQ helping to embed cybersecurity skills in curricula at all levels.

Employers could also aid this effort by working with colleges and universities to ‘mentor’ promising students, organising graduate recruitment fares and offering cyber apprenticeships to graduates or college leavers.

I recently attended an inspiring event at the Plymouth Science Park hosted by Bluescreen IT, which echoed these very sentiments of bringing cybersecurity into the fold at a much earlier stage. The event, which brought together leading organisations including businesses, schools, universities and the local authority examined how recent online threats and the shortage of qualified and experienced cybersecurity professionals could be tackled by both business and government. It was proposed that through bringing their respective bodies together, it could mean that their agendas could be aligned and integrated to form a proactive ‘cyber cluster’, enabling parties to shape curriculums to incorporate information security and in turn provide a pipeline of nurtured talent to the profession and local businesses.

With the internet overtaking TV as children’s favourite pastime, there is also a real opportunity to engage children in cybersecurity by incorporating it into primary and secondary school teaching materials. Cybersecurity content could be included in everything from maths classes to World War One and Two history lessons on the role of code-breakers at ‘Room 40’ and Bletchley Park. Teachers could create code-breaking competitions to make the content engaging for children.

There is also an opportunity to teach internet safety to all young people, in an age when children are increasingly exposed to the hazards of the internet, from hackers to cyber-stalkers. (ISC)2 volunteers from across the cybersecurity profession have been going into UK schools to teach over 5,000 children each term on everything from ‘sexting’ to cyber-bullying. Similar initiatives could be rolled out across all schools at a national level.

The only viable long-term solution to youth cyber-crime and the skills shortage is to ensure that our education system gives all students (and their parents) the necessary skills, knowledge and awareness to feel included in, able to contribute to and benefit from the digital economy.

Many people feel that re-training young cyber offenders as cyber security professionals offers a chance to kill two birds with one stone; reducing cyber-crime and simultaneously helping to reduce the cyber skills shortage. The NCA proposed creating a “toolkit of positive diversions” for young people deemed to be at risk of online criminality, such as positive mentors, coding clubs and job opportunities.

It is certainly true that today’s cybersecurity profession is in desperate need of more young talent. Our Global Information Security Workforce Study found that only 12% of the UK workforce is under 35. The NCA’s initiative is a welcome one if it can steer enthusiastic and gifted young people towards the many career opportunities awaiting them, recognising that the devil makes work for idle hands.

However, if we are to find a long-term solution to youth cyber-crime and the skills gap it is not sufficient to target educational resources, mentors and job opportunities at a narrow band of gifted youngsters on the periphery of cyber-crime. The true solution is make such career opportunities available to all by making cybersecurity a core aspect of the education system at all levels and across a range of relevant subjects; helping prepare the future generation for work in a digital economy. Cybersecurity is increasingly fundamental to many industries and many different jobs, from engineering to web design and the education system needs to reflect this. Why wait until young people are already on the periphery of cyber-crime to divert them onto the straight and narrow when we can equip all young people with the skills to make a positive contribution from the outset?

Fortunately, this is starting to happen now. (ISC)2 has worked with organisations including the Council of Professors and Heads of Computing (CPHC), to design cybersecurity Principles and Learning Outcomes which have been turned into part of the official accreditation criteria for all UK computing degrees under the bodies BCS and the Chartered Institute for IT.

At a subsequent curriculum development roadshow supported by the Cabinet Office, 60 UK universities demonstrated a will to champion and embed cybersecurity more comprehensively across their computing degree courses. There are now opportunities to go further and teach cybersecurity within an array of popular disciplines from psychology to business management. Further efforts are being made in Further Education; with our involvement in the development in the UK’s first ever cybersecurity EPQ helping to embed cybersecurity skills in curricula at all levels.

Employers could also aid this effort by working with colleges and universities to ‘mentor’ promising students, organising graduate recruitment fares and offering cyber apprenticeships to graduates or college leavers.

I recently attended an inspiring event at the Plymouth Science Park hosted by Bluescreen IT, which echoed these very sentiments of bringing cybersecurity into the fold at a much earlier stage. The event, which brought together leading organisations including businesses, schools, universities and the local authority examined how recent online threats and the shortage of qualified and experienced cybersecurity professionals could be tackled by both business and government. It was proposed that through bringing their respective bodies together, it could mean that their agendas could be aligned and integrated to form a proactive ‘cyber cluster’, enabling parties to shape curriculums to incorporate information security and in turn provide a pipeline of nurtured talent to the profession and local businesses.

With the internet overtaking TV as children’s favourite pastime, there is also a real opportunity to engage children in cybersecurity by incorporating it into primary and secondary school teaching materials. Cybersecurity content could be included in everything from maths classes to World War One and Two history lessons on the role of code-breakers at ‘Room 40’ and Bletchley Park. Teachers could create code-breaking competitions to make the content engaging for children.

There is also an opportunity to teach internet safety to all young people, in an age when children are increasingly exposed to the hazards of the internet, from hackers to cyber-stalkers. (ISC)2 volunteers from across the cybersecurity profession have been going into UK schools to teach over 5,000 children each term on everything from ‘sexting’ to cyber-bullying. Similar initiatives could be rolled out across all schools at a national level.

The only viable long-term solution to youth cyber-crime and the skills shortage is to ensure that our education system gives all students (and their parents) the necessary skills, knowledge and awareness to feel included in, able to contribute to and benefit from the digital economy.

About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org